Had an aggressive attack against a form page - person using Acutenix

6 posts by 5 authors in: Forums > CMS Builder
Last Post: October 18, 2019

Wow!

Thankfully, no experience with this.

Sorry to hear about the attack.

Jerry Kornbluth

The first CMS Builder reference book is now available on-line!

Take advantage of a free 3 month trial subscription, only for CMSB users, at: http://www.thecmsbcookbook.com/trial.php

I have never experienced an attack by that company but I have seen other attacks of similar nature.

Do you use any form of CAPTCHA such as from Google?  If not, I suggest doing so.  That tends to cut down on the Spam.

You could also edit the form code to limit the number of submissions by WAN IP; however, true hackers will be able to spoof their IP or use compromised computers to hit your form.

You could adjust your submission code to check to see if the same or similar values are being entered into the fields before actually passing to the database.  In my experience, the robot tends to paste the same value into most of the form fields.

Hey Chris, 

If you need it, there are a number of recipes on how to implement Google's Captcha in my CMSB Cookbook. http://www.thecmsbcookbook.com

Hope it helps.

Jerry Kornbluth


By daniel - October 18, 2019

Hi Equinox,

I'm sorry to hear you experienced such an attack. There's unfortunately not much that can be done to reverse something like this, but going forward I can also recommend using a CAPTCHA as an effective method to cut down on similar automated attacks in the future.

I did have a look at Acunetix and they appear to be a legitimate security company that helps websites locate and fix technical vulnerabilities. However, it's theoretically possible for these sorts of vulnerability scanning tools to be obtained by 3rd parties for malicious use, which looks like it may have been done here.

Best of luck, and let us know if there's anything we can do to help support you.

Daniel
Technical Lead
interactivetools.com

By Dave - October 18, 2019

Hi equinox, 

We've had mass submissions by Acutenix scanners before (and many others).  It's a scanner used to detect vulnerabilities.   Unfortunately, it's just the nature of being on the internet.

Some possible fixes for the future: 

  • You can use the Developer Console plugin to execute a MySQL query that removes all records containing Acutenix (or the IP used to submit requests)
  • You can block the submitting IP in your .htaccess file.
  • You can add a couple of lines of code to return a 404 error for any requests that contain "Acutenix"

It's annoying and frustrating, but an ongoing battle.  We get ongoing spammers trying to sign up to our forum and started using Google Captcha and an IP-based reputation scoring service to help filter them out.

Let me know if you have any other questions.

Dave Edis - Senior Developer
interactivetools.com
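
The checks suggested in the replies above (a per-IP submission limit, rejecting submissions whose fields mostly hold the same value, and a 404 for requests containing the scanner's name), as an added PHP example that is not part of any post or of CMS Builder itself. Every function name, threshold, the marker string and the use of the system temp directory are assumptions.

```php
<?php
// Added example; every name and threshold here is hypothetical.
const MARKER = 'acunetix';   // assumption: use the string seen in your own spam records
const MAX_HITS = 5;          // assumption: submissions allowed per IP per window
const WINDOW = 600;          // window length in seconds
const REPEAT_RATIO = 0.6;    // reject when over 60% of filled fields hold one value

function containsMarker(array $fields, string $marker): bool {
    foreach ($fields as $v) {
        if (is_string($v) && stripos($v, $marker) !== false) return true;
    }
    return false;
}

function mostlyIdentical(array $fields, float $ratio): bool {
    $vals = [];
    foreach ($fields as $v) {
        if (is_string($v) && trim($v) !== '') $vals[] = strtolower(trim($v));
    }
    if (count($vals) < 3) return false;              // too few fields to judge
    return max(array_count_values($vals)) / count($vals) > $ratio;
}

// Sliding-window counter kept in one locked file per IP (IP hashed for the filename).
function overLimit(string $ip, string $dir, int $now): bool {
    $fh = fopen($dir . '/rl_' . hash('sha256', $ip) . '.json', 'c+');
    if ($fh === false) return false;                 // storage unavailable: do not block
    flock($fh, LOCK_EX);                             // lock is released by fclose()
    $hits = json_decode(stream_get_contents($fh) ?: '[]', true) ?: [];
    $hits = array_values(array_filter($hits, function ($t) use ($now) { return $t > $now - WINDOW; }));
    $blocked = count($hits) >= MAX_HITS;
    if (!$blocked) $hits[] = $now;
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($hits));
    fclose($fh);
    return $blocked;
}

function rejectReason(array $fields, string $ip, string $dir, int $now): ?string {
    if (overLimit($ip, $dir, $now)) return 'rate-limit';
    if (containsMarker($fields, MARKER)) return 'marker';
    if (mostlyIdentical($fields, REPEAT_RATIO)) return 'repeated-values';
    return null;
}

// Run before the form's existing save code; a null result means the submission continues.
if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $why = rejectReason($_POST, $_SERVER['REMOTE_ADDR'] ?? '', sys_get_temp_dir(), time());
    if ($why !== null) { http_response_code(404); exit; }
}
```

On shared hosting, pass a private directory outside the web root instead of the system temp directory so other accounts cannot read or reset the counters.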